DETAILED ACTION

Claims 1, 4-7, 10-17, 19-24, 27-28, 30-31 are pending in this application. Claims 1, 11,
23-24, 28 are the independent claims.

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by
another filed in the United States before the invention by the applicant for patent or (2) a patent
granted on an application for patent by another filed in the United States before the invention by the
applicant for patent, except that an international application filed under the treaty defined in section
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 21(2)
of such treaty in the English language.

Claims 1, 4-7, 10-17, 19-24, 27-28, 30-31 are rejected under 35 U.S.C. 102(e) as
being anticipated by Traversat et al. (2002/0147810).

As per claim 1, Traversat et al. teach

a method of providing access to a resource for one or more users - paragraphs 71, 73,
and 77.

receiving an authorization request from a first entity to issue authorization data for the
one or more users based on roles associated with the users - pars. 162, 368, and 440.

authorization data is required by a second entity for allowing the first entity to access a
resource controlled by the second entity - pars. 78 (facilities provided as services in the
service layer may include... authentication... peer group membership), 102 (each peer
group may have different policies to authorize a peer to become a rendezvous peer),
328, 439.

responsive to the received authorization request, issuing the authorization data to the 
first entity - pars. 439-440. 

wherein the first entity provides the issued authorization data to the second entity, said 
authorization data including an expression identifying the resource by a resource name 
and by at least one property associated with the resource to conditionally define access 
to the resource - pars. 72, 159, 331, 422-426.

said authorization data further including validation information; receiving a validation 
request from the second entity to validate the issued authorization data that was 
provided to the second entity by the first entity... included therein - pars. 162, 422-423, 
439, 455. 

As per claim 4, Traversat et al. teach 

wherein receiving the request and issuing the authorization data occur over a secure
sockets layer - pars. 418-419, 437.

As per claim 5, Traversat et al. teach

wherein receiving the request and issuing the authorization data occur over a network 
such as the Internet - pars. 77-78. 

As per claim 6, Traversat et al. teach 

creating the expression identifying the resource in authorization data in response to the 
received authorization request - pars. 30, 325, 364. 

As per claim 7, Traversat et al. teach 

encrypting the created expression - pars. 78, 94, 139. 

As per claims 11 and 23, Traversat et al. teach

a method for validating authorization data to provide access to a resource for
one or more users - pars. 71, 73, 77.

receiving an authorization request from a client to issue authorization data for the one or 
more users based on roles associated with the users - pars. 162, 368, and 440. 

wherein said authorization data is required by an affiliate server for allowing the client to
access a resource controlled by said affiliate/second/member/partner server - pars. 78
(facilities provided as services in the service layer may include... authentication... peer
group membership), 102 (each peer group may have different policies to authorize a
peer to become a rendezvous peer), 328, 439.

Application/Control Number: 10/777,493

Art Unit: 2169

responsive to the received authorization request, generating an authorization token - 
pars. 139, 439. 

having a header field (pars. 132, 144, 355), a source field, and a claim field, said header 
field representing validation information, said source field representing the identity of the 
user (pars. 242-246), said claim field specifying the resource conditionally, said claim 
field including an expression identifying the resource by a resource name (pars. 113, 
117, 159, 172) and by at least one property associated with the resource to conditionally
define access to the resource - pars. 72, 107, 139, 162. 

sending the authorization token to the client, wherein the client provides the 
authorization token to the affiliate server - pars. 139, 439. 

receiving a validation request from the affiliate server to validate the authorization token,
wherein said validation request includes the authorization token - pars. 72, 355, 422-425.

retrieving validation information from the header of the received authorization data;
evaluating the retrieved validation information to determine a validation status of the
received authorization token - pars. 162, 206, 439-440.

sending a response to the affiliate server indicating the determined validation status
responsive to said evaluating the retrieved validation information - pars. 325, 352, 355.

As per claim 12, Traversat et al. teach 

evaluating the expression to identify the resource - par. 72. 

As per claim 13, Traversat et al. teach 

extracting a target scope from the received authorization data, said extracted target 
scope identifying the resource - pars. 71, 110-112.

As per claim 14, Traversat et al. teach 

receiving a data packet according to the Simple Object Access Protocol (SOAP), and 
further comprising extracting the authorization data from the received data packet - 
pars. 243, 425, 431-439.

As per claim 15, Traversat et al. teach 

wherein receiving the validation request including the authorization token occurs over a
secure sockets layer - pars. 418-419, 437.

As per claim 16, Traversat et al. teach

wherein receiving the validation request including the authorization token occurs over a 
network such as the Internet - pars. 77-78. 

As per claim 17, Traversat et al. teach 

decrypting the received authorization data token - pars. 139, 441.

As per claim 19, Traversat et al. teach

retrieving a signature from the header of the received authorization data - pars. 94, 139, 
143. 

As per claim 20, Traversat et al. teach 

determining that the retrieved signature is invalid, and wherein sending the response 
comprises sending a response indicating the invalidity of the received authorization data 
token - pars. 139, 426, claim 12. 

As per claim 21, Traversat et al. teach

wherein retrieving the validation information comprises retrieving an expiration date
from the header of the received authorization token - pars. 451-453.

and wherein evaluating the retrieved validation information comprises comparing the 
retrieved expiration date to a current time stamp to determine if the received 
authorization token has expired - pars. 439-440. 

As per claim 22, Traversat et al. teach 

wherein the received authorization token has been determined to be expired, and 
further comprising sending a response indicating the invalidity of the received 
authorization token - pars. 152, 451, 453.

As per claim 24, Traversat et al. teach 

receive an authorization request from a first entity to issue authorization data for the one
or more users based on roles associated with the users - pars. 162, 368, and 440.

wherein said authorization data is required by a second entity for allowing the client to
access a resource controlled by said second entity - pars. 72-74, 78.

an authorization component adapted to issue the requested authorization data for the
users based on the roles associated with the users - pars. 162, 368, and 440.

an expression identifying a resource by a resource name and by a property associated
with the resource and said authorization data including the validation information - pars.
72, 159, 331, 422-426.

receive a validation request from the second entity, said validation request including the 
authorization data - pars. 162, 175, 439. 

a parser component adapted to retrieve validation information from the received 
authorization data - pars. 30, 121, 219. 

a validation component adapted to evaluate the retrieved validation information - pars. 
162, 439. 

wherein the interface component is further adapted to send a response indicating the 
validation status of the received authorization data responsive to said evaluating the 
retrieved validation information - pars. 81, 101, 323-325. 

As per claim 27, Traversat et al. teach 

a scope component to evaluate the expression to identify the resource - par. 72.

As per claim 28, Traversat et al. teach

a memory area for storing authorization data for use in providing a first entity access to
a resource that is controlled by a second entity - pars. 72, 77-78, 139.

said authorization data including an expression identifying the resource by a resource
name and by at least one property associated with the resource - pars. 72, 159, 331,
422-426.

issuing responsive to a request from the first entity, the authorization data for a user
based on a role associated with the user and for validating, in
response to a request from the second entity, the authorization data to provide access
to the resource - pars. 162, 175, 439.

As per claim 30, Traversat et al. teach 

evaluating the expression to identify the resource - par. 72. 

As per claim 31, Traversat et al. teach

wherein the authorization data comprises a token - pars. 139, 439.

As per claim 36, Traversat et al. teach

wherein the first entity is an application program - pars. 124, 362, 458.

As per claim 37, Traversat et al. teach

wherein the first entity is a computing device - pars. 88-89, 97, 328.

As per claim 38, Traversat et al. teach

generating a signature based on the expression identifying the resource, and wherein 
the validation information includes said generated signature - pars. 94, 139, 451-453. 

As per claim 39, Traversat et al. teach 

wherein the validation information includes an expiration date - pars. 451-453.

As per claim 40, Traversat et al. teach

a site identifier identifying the first entity - pars. 72, 88-89, 97, 328.

As per claim 41, Traversat et al. teach

retrieving the validation information from the received authorization data - pars. 72, 101,
121, 422-423, 441.

evaluating the retrieved validation information - pars. 162, 439. 

sending a response to the second entity indicating the validation status of the received
authorization data responsive to said evaluating the retrieved validation information -
pars. 325, 352, 355.

Response to Arguments

Applicant's arguments filed 7/7/08 have been fully considered but they are not 
persuasive. Applicant had amended independent claims, thus, new cited columns and 
lines are provided above. Examiner disagrees that Traversat fails to disclose
authorizing access to specific resources associated with a role assigned to the peer.
Please see pars. 77, 234, 440.

In response to applicant's argument that the references fail to show certain 
features of applicant's invention, it is noted that the features upon which applicant relies 
(i.e., provide a central management for resources...) are not recited in the rejected 
claim(s). Although the claims are interpreted in light of the specification, limitations from 
the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26
USPQ2d 1057 (Fed. Cir. 1993).

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to LINH BLACK whose telephone number is 571-272-4106.
The examiner can normally be reached on Mon.-Thurs.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, James Trujillo can be reached on 571-272-3677. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

LINH BLACK 
Examiner 
Art Unit 2169 

October 26, 2008 

/HUNG Q. PHAIW 

Primary Examiner, Art Unit 2169 



